blob: 8b068100f32a94f0453c368d1b48585f1ef43907 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
{ lib, stdenv, buildPackages, fetchurl, flex, cracklib, db4, gettext, audit, libxcrypt
, nixosTests
}:
stdenv.mkDerivation rec {
pname = "linux-pam";
version = "1.5.2";
src = fetchurl {
url = "https://github.com/linux-pam/linux-pam/releases/download/v${version}/Linux-PAM-${version}.tar.xz";
sha256 = "sha256-5OxxMakdpEUSV0Jo9JPG2MoQXIcJFpG46bVspoXU+U0=";
};
patches = [ ./suid-wrapper-path.patch ];
outputs = [ "out" "doc" "man" /* "modules" */ ];
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [ flex ]
++ lib.optional stdenv.buildPlatform.isDarwin gettext;
buildInputs = [ cracklib db4 libxcrypt ]
++ lib.optional stdenv.buildPlatform.isLinux audit;
enableParallelBuilding = true;
preConfigure = lib.optionalString (stdenv.hostPlatform.libc == "musl") ''
# export ac_cv_search_crypt=no
# (taken from Alpine linux, apparently insecure but also doesn't build O:))
# disable insecure modules
# sed -e 's/pam_rhosts//g' -i modules/Makefile.am
sed -e 's/pam_rhosts//g' -i modules/Makefile.in
'';
configureFlags = [
"--includedir=${placeholder "out"}/include/security"
"--enable-sconfigdir=/etc/security"
];
installFlags = [
"SCONFIGDIR=${placeholder "out"}/etc/security"
];
doCheck = false; # fails
passthru.tests = {
inherit (nixosTests) pam-oath-login pam-u2f shadow;
};
meta = with lib; {
homepage = "http://www.linux-pam.org/";
description = "Pluggable Authentication Modules, a flexible mechanism for authenticating user";
platforms = platforms.linux;
license = licenses.bsd3;
};
}
|